Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS153947.roa
File:                     AS153947.roa (raw, json)
Hash identifier:          oT4wfnrYonpo3V9/EG4CYfllTlZJ2TOQb/gHjPOfrw8=
Subject key identifier:   D6:15:04:26:9A:A9:81:2C:33:F5:71:35:77:90:C8:F9:4F:D3:72:44
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       198598A65634BCFD94F71F92D7EB104CEF145D0A
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS153947.roa
Signing time:             Fri 12 Jun 2026 08:25:40 +0000
ROA not before:           Fri 12 Jun 2026 08:20:40 +0000
ROA not after:            Fri 11 Jun 2027 08:25:40 +0000
asID:                     153947
IP address blocks:        82.38.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 15:07:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:85:98:a6:56:34:bc:fd:94:f7:1f:92:d7:eb:10:4c:ef:14:5d:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 12 08:20:40 2026 GMT
            Not After : Jun 11 08:25:40 2027 GMT
        Subject: CN=D61504269AA9812C33F571357790C8F94FD37244
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:f5:ad:a5:0f:74:e0:34:a4:c6:25:39:e2:21:
                    84:cc:e6:33:7f:f6:62:b3:c4:cb:7d:29:b2:03:e5:
                    ce:ae:bd:43:e4:dc:d2:04:77:86:9d:00:03:30:38:
                    58:2b:87:77:ff:8a:55:e5:8e:8b:2d:44:0b:88:70:
                    8f:ea:d5:4e:c2:46:e6:54:22:ad:13:ec:21:66:8b:
                    8b:87:82:1b:b1:02:9e:ba:63:03:81:bf:1c:7b:6d:
                    6d:2b:a7:06:cc:60:b4:67:44:ae:1e:01:2d:86:79:
                    32:32:3a:b6:d6:b5:71:12:87:d6:d1:31:91:27:02:
                    0b:2c:8e:28:c5:0f:0f:1d:2b:90:15:d6:bb:b0:00:
                    4f:7b:b5:5e:ed:da:38:e7:43:0f:1f:94:44:24:b7:
                    89:93:0d:15:60:83:d7:64:32:5f:93:00:fb:12:c7:
                    db:b0:8e:d7:8f:ff:36:31:ef:0a:cf:0a:4f:70:66:
                    c3:89:e0:d5:bc:f3:17:38:11:04:d7:27:d5:91:3d:
                    9e:b3:ea:ce:11:19:47:c3:c2:e0:55:2e:be:c3:b3:
                    36:cb:e1:05:80:56:ef:25:39:2b:48:27:75:ba:c4:
                    b5:d8:14:9d:a4:59:94:95:8f:d3:41:34:6c:8f:3c:
                    ef:fa:32:21:1b:56:35:f7:e3:58:fe:f8:be:bb:eb:
                    ec:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:15:04:26:9A:A9:81:2C:33:F5:71:35:77:90:C8:F9:4F:D3:72:44
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS153947.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.38.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:94:89:8e:ce:cd:e6:e6:7e:07:fa:09:69:48:84:66:d6:99:
         c8:32:6a:93:0b:54:bf:79:0d:c6:26:5e:f3:a0:6f:3f:9d:80:
         3f:b9:8f:e8:40:9b:ff:ff:e9:5a:92:b2:95:71:1c:4f:2c:fd:
         22:3d:c4:25:62:e9:fb:fa:ba:8e:59:a8:16:dc:f6:ff:71:6c:
         a5:f4:8d:96:ac:9c:b0:a9:e0:5d:c9:84:9b:b9:88:6c:14:5c:
         94:19:65:38:ec:f2:54:bd:72:c7:0e:a6:b9:3b:10:c4:66:9c:
         a7:7a:3b:fd:62:a5:e3:ac:8c:ce:75:0d:b3:7f:0e:d0:8e:78:
         4e:1d:a1:39:b4:3a:fd:f7:ec:7e:d1:5e:5a:80:93:a2:38:cd:
         d2:2e:ea:7c:7e:a3:c4:7e:9f:b2:0a:02:5e:b8:b3:5e:49:63:
         96:a2:2e:73:40:57:ad:ec:27:f8:1d:75:83:2a:29:ae:29:0b:
         c3:54:60:18:da:7b:e8:fe:ed:79:63:e3:e2:d4:54:5a:b6:56:
         13:a1:65:c2:cd:85:9a:83:ee:01:5c:0c:95:5d:77:96:2e:2b:
         1a:ef:8d:12:88:e2:fa:08:bc:34:72:88:f3:12:23:46:82:c0:
         74:1e:a0:31:bf:a6:4e:56:ad:5b:ee:9d:f5:21:fb:bd:9f:ce:
         13:72:3b:5a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUGYWYplY0vP2U9x+S1+sQTO8UXQowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA2MTIwODIwNDBaFw0yNzA2MTEwODI1NDBaMDMxMTAvBgNV
BAMTKEQ2MTUwNDI2OUFBOTgxMkMzM0Y1NzEzNTc3OTBDOEY5NEZEMzcyNDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB9a2lD3TgNKTGJTniIYTM5jN/
9mKzxMt9KbID5c6uvUPk3NIEd4adAAMwOFgrh3f/ilXljostRAuIcI/q1U7CRuZU
Iq0T7CFmi4uHghuxAp66YwOBvxx7bW0rpwbMYLRnRK4eAS2GeTIyOrbWtXESh9bR
MZEnAgssjijFDw8dK5AV1ruwAE97tV7t2jjnQw8flEQkt4mTDRVgg9dkMl+TAPsS
x9uwjteP/zYx7wrPCk9wZsOJ4NW88xc4EQTXJ9WRPZ6z6s4RGUfDwuBVLr7DszbL
4QWAVu8lOStIJ3W6xLXYFJ2kWZSVj9NBNGyPPO/6MiEbVjX341j++L676+wJAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU1hUEJpqpgSwz9XE1d5DI+U/TckQwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTUzOTQ3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUibb
MA0GCSqGSIb3DQEBCwUAA4IBAQA7lImOzs3m5n4H+glpSIRm1pnIMmqTC1S/eQ3G
Jl7zoG8/nYA/uY/oQJv//+lakrKVcRxPLP0iPcQlYun7+rqOWagW3Pb/cWyl9I2W
rJywqeBdyYSbuYhsFFyUGWU47PJUvXLHDqa5OxDEZpynejv9YqXjrIzOdQ2zfw7Q
jnhOHaE5tDr99+x+0V5agJOiOM3SLup8fqPEfp+yCgJeuLNeSWOWoi5zQFet7Cf4
HXWDKimuKQvDVGAY2nvo/u15Y+Pi1FRatlYToWXCzYWag+4BXAyVXXeWLisa740S
iOL6CLw0cojzEiNGgsB0HqAxv6ZOVq1b7p31Ifu9n84Tcjta
-----END CERTIFICATE-----